Follow Up
Summary
This component allows an auditor to explain and get feedback on their report as well as evaluate the success of the process over time through a continued relationship with the host.
This component consists of the final meeting with the host and following up with them after a period of a few months to see if they need further assistance, are willing to share their experience working with any of the recommended resources, or as new resources are identified.
Purpose
Follow up can be a valuable tool for encouraging an organization to continue their digital security process. But, follow up needs to be desired by an organization and achievable for the auditor. As such, follow up must be minimally intrusive on both the auditor and the host's time.
Guiding Questions
- What are the barriers the organization faced in implementing the recommended risk mitigation plan?
- Are there new resources that the auditor can provide to supplement the original audit?
- What can you do to make your follow up perceived as additional support instead of as an evaluation of their success?
Operational Security
- In addition to ongoing secure communication practices, check for any changes in keys or other authentication changes. If these occur re-verify this information using out of band means.
Preparation
- Secure communications options to conduct follow-up discussions with organization
Baseline Skills
Outputs
_
Activities
Follow-up Meeting_Schedule and have a follow up call to discuss the audit report. This provides a valuable touch-point for the organization to read the…- Making Introductions_Make introduction between host and known resources as needed.
- Long-Term Follow-up_Follow up with host after a few months to check on progress, get long-term feedback and connect with any new resources.
Staff Feedback Survey_Providing a space for anonymous, guided feedback is valuable to gather information about how your audit work and the SAFETAG framework…
References and resources for Follow Up
- Directory: "Selected International and Regional Organisations providing support to HRD" (Workbook on Security: Practical Steps for Human Rights Defenders at Risk)
- Directory: "Security Training Firms" (CPJ)
- Digital Emergency Contacts: "Seeking Remote Help" (The Digital First Aid Kit)
- Directory: "Resource Handbook" (Center for Investigative Journalism)
- Guide: "Additional Resources: p. 298" (Operational Security Management in Violent Environments (Revised Edition))
- Directory: "Resource Handbook" (Center for Investigative Journalism)
- Directory: "Selected International and Regional Organisations providing support to HRD" (Workbook on Security: Practical Steps for Human Rights Defenders at Risk)
- Guide: "Additional Resources: p. 298" (Operational Security Management in Violent Environments (Revised Edition))
- Database: "A Collaborative Knowledge Base for Netizens" (Tasharuk)
- Guidelines: "Microsoft nonprofit discount eligibility guidelines per country" (Microsoft)
- Organization: "TechSoup, nonprofits and libraries can access donated and discounted products and services from partners like Microsoft, Adobe, Cisco, Intuit, and Symantec." (TechSoup)
- Curricula: Level-Up: Resources for the global digital safety training community.
- Curricula: eQualit.ie's Trainer's Curricula (also in Russian)
- Training Manual: Workbook on Security: Practical Steps for Human Rights Defenders at Risk
- Trainer Handbook: "SaferJourno" (Internews)
Follow Up:
Resource Identification:
Resource Lists:
Possible Financial Resources for Host Organizations:
International organisations that may provide security grants
Frontline Defenders Security Grants Programme _See also the "Alternative Sources of Funding" list on this page
Digital Defenders Digital Security Emergency and Support Grants
Digital Security Trainings:
Emergency Resources:
International protection mechanisms for human rights defenders
What Protection Can The United Nations Field Presences Provide?
24/7 Digital Security Helpline: [email protected] PGP key fingerprint: 6CE6 221C 98EC F399 A04C 41B8 C46B ED33 32E8 A2BC
CiviCERT - a coordination of rapid response organizations. CiviCERT members offering emergency support are listed in the Digital First Aid Kit